package org.apereo.cas.support.saml.util;

import java.net.InetAddress;
import java.time.Clock;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.xml.namespace.QName;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.util.CompressionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.RequesterID;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.core.Statement;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.ecp.Response;
import org.pac4j.oauth.profile.yahoo.YahooProfileDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-core-api-6.6.14.jar:org/apereo/cas/support/saml/util/AbstractSaml20ObjectBuilder.class */
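/**
 * Base builder for SAML 2.0 objects: responses, assertions, conditions, subjects,
 * attributes and logout messages.
 *
 * <p>Every factory method here only creates and populates OpenSAML objects. Nothing in this
 * class signs, encrypts or validates what it builds, so the caller decides which fields are
 * present and how the result is protected. Several methods log identifiers (NameID, subject,
 * request IDs) at debug/trace level; treat those log levels as carrying identity data.
 */
public abstract class AbstractSaml20ObjectBuilder extends AbstractSamlObjectBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractSaml20ObjectBuilder.class);
    private static final long serialVersionUID = -4325127376598205277L;

    /**
     * Creates the builder.
     *
     * <p>The decompiler widened this constructor from {@code protected} to {@code public};
     * it is left public so existing callers keep compiling.
     *
     * @param openSamlConfigBean OpenSAML configuration handed to the superclass
     */
    public AbstractSaml20ObjectBuilder(OpenSamlConfigBean openSamlConfigBean) {
        super(openSamlConfigBean);
    }

    /**
     * Sets the attribute's NameFormat from a configured value.
     *
     * <p>The short names {@code basic}, {@code uri} and {@code unspecified}, and the matching
     * full URNs, are mapped to the canonical OpenSAML constants. Any other non-blank value is
     * written through unchanged; a blank value leaves the attribute untouched.
     *
     * <p>Matching uses {@code equalsIgnoreCase} on the trimmed value. The decompiled original
     * lower-cased the input with the default locale and then compared it with the mixed-case
     * URN constants, which can never be equal, and a locale-sensitive lower-casing can also
     * break the short names.
     *
     * @param attribute the attribute to update
     * @param str the configured name format (short name, URN, or custom value)
     */
    private static void configureAttributeNameFormat(Attribute attribute, String str) {
        LOGGER.trace("Configuring Attribute's: [{}] nameFormat: [{}]", attribute, str);
        if (StringUtils.isBlank(str)) {
            return;
        }
        String requested = str.trim();
        if ("basic".equalsIgnoreCase(requested) || Attribute.BASIC.equalsIgnoreCase(requested)) {
            attribute.setNameFormat(Attribute.BASIC);
        } else if ("uri".equalsIgnoreCase(requested) || Attribute.URI_REFERENCE.equalsIgnoreCase(requested)) {
            // Plain "uri" literal: the decompiler had substituted an unrelated constant
            // that merely carries the same string value.
            attribute.setNameFormat(Attribute.URI_REFERENCE);
        } else if ("unspecified".equalsIgnoreCase(requested) || Attribute.UNSPECIFIED.equalsIgnoreCase(requested)) {
            attribute.setNameFormat(Attribute.UNSPECIFIED);
        } else {
            // Unknown formats are passed through exactly as configured.
            attribute.setNameFormat(str);
        }
    }

    /**
     * Builds a NameID.
     *
     * @param str value written to the NameID Format
     * @param str2 value written as the NameID content
     * @return the new NameID
     */
    public NameID getNameID(String str, String str2) {
        NameID nameID = newSamlObject(NameID.class);
        nameID.setFormat(str);
        nameID.setValue(str2);
        return nameID;
    }

    /**
     * Builds an ECP response header with SOAP 1.1 mustUnderstand set and the "next" actor.
     *
     * @param str the assertion consumer service URL to place in the header
     * @return the new ECP response
     */
    public Response newEcpResponse(String str) {
        Response ecpResponse = newSamlObject(Response.class);
        ecpResponse.setSOAP11MustUnderstand(Boolean.TRUE);
        ecpResponse.setSOAP11Actor("http://schemas.xmlsoap.org/soap/actor/next");
        ecpResponse.setAssertionConsumerServiceURL(str);
        return ecpResponse;
    }

    /**
     * Builds a SAML 2.0 protocol Response.
     *
     * <p>InResponseTo is only set when {@code str2} is non-blank. Without it the response is
     * not tied to a specific request, so relying parties can only treat it as unsolicited.
     * The log messages call this value "recipient", but the code uses it as the request ID.
     *
     * @param str the response ID
     * @param zonedDateTime the issue instant
     * @param str2 the ID of the request being answered; may be blank
     * @param webApplicationService the service, used for logging only in this method
     * @return the new response
     */
    public org.opensaml.saml.saml2.core.Response newResponse(String str, ZonedDateTime zonedDateTime, String str2, WebApplicationService webApplicationService) {
        LOGGER.trace("Creating Response instance for id: [{}], issueInstant: [{}]], recipient: [{}], service: [{}]", str, zonedDateTime, str2, webApplicationService);
        org.opensaml.saml.saml2.core.Response samlResponse = newSamlObject(org.opensaml.saml.saml2.core.Response.class);
        samlResponse.setID(str);
        samlResponse.setIssueInstant(zonedDateTime.toInstant());
        samlResponse.setVersion(SAMLVersion.VERSION_20);
        if (StringUtils.isNotBlank(str2)) {
            LOGGER.debug("Setting provided RequestId [{}] as InResponseTo", str2);
            samlResponse.setInResponseTo(str2);
        } else {
            LOGGER.debug("No recipient is provided. Skipping InResponseTo");
        }
        return samlResponse;
    }

    /**
     * Builds a Status with a status code and an optional message.
     *
     * @param str the status code value
     * @param str2 the status message; omitted when blank
     * @return the new status
     */
    public Status newStatus(String str, String str2) {
        LOGGER.trace("Creating new SAML Status for code value: [{}], status message: [{}]", str, str2);
        Status status = newSamlObject(Status.class);
        StatusCode code = newSamlObject(StatusCode.class);
        code.setValue(str);
        status.setStatusCode(code);
        if (StringUtils.isNotBlank(str2)) {
            StatusMessage message = newSamlObject(StatusMessage.class);
            message.setValue(str2);
            status.setStatusMessage(message);
        }
        return status;
    }

    /**
     * Builds an assertion that carries a single authentication statement.
     *
     * @param authnStatement the statement to include
     * @param str the issuer value
     * @param zonedDateTime the issue instant
     * @param str2 the assertion ID
     * @return the new assertion
     */
    public Assertion newAssertion(AuthnStatement authnStatement, String str, ZonedDateTime zonedDateTime, String str2) {
        // Typed list instead of the raw ArrayList the decompiler produced.
        List<Statement> statements = new ArrayList<>(1);
        statements.add(authnStatement);
        return newAssertion(statements, str, zonedDateTime, str2);
    }

    /**
     * Builds an assertion with the given statements.
     *
     * <p>The assertion is returned without Subject, Conditions or a signature; the caller
     * adds those.
     *
     * @param list the statements to copy into the assertion
     * @param str the issuer value
     * @param zonedDateTime the issue instant
     * @param str2 the assertion ID
     * @return the new assertion
     */
    public Assertion newAssertion(List<Statement> list, String str, ZonedDateTime zonedDateTime, String str2) {
        LOGGER.trace("Creating new SAML Assertion with id: [{}], for issuer: [{}], issued at: [{}]", str2, str, zonedDateTime);
        Assertion assertion = newSamlObject(Assertion.class);
        assertion.setID(str2);
        assertion.setIssueInstant(zonedDateTime.toInstant());
        assertion.setIssuer(newIssuer(str));
        assertion.getStatements().addAll(list);
        return assertion;
    }

    /**
     * Builds a LogoutResponse stamped with the current UTC time.
     *
     * @param str the response ID
     * @param str2 the destination
     * @param issuer the issuer
     * @param status the status
     * @param str3 the ID of the logout request being answered
     * @return the new logout response
     */
    public LogoutResponse newLogoutResponse(String str, String str2, Issuer issuer, Status status, String str3) {
        LogoutResponse logoutResponse = newSamlObject(LogoutResponse.class);
        logoutResponse.setIssuer(issuer);
        logoutResponse.setIssueInstant(Instant.now(Clock.systemUTC()));
        logoutResponse.setID(str);
        logoutResponse.setDestination(str2);
        logoutResponse.setInResponseTo(str3);
        logoutResponse.setStatus(status);
        logoutResponse.setVersion(SAMLVersion.VERSION_20);
        return logoutResponse;
    }

    /**
     * Builds a LogoutRequest.
     *
     * @param str the request ID
     * @param zonedDateTime the issue instant
     * @param str2 the destination
     * @param issuer the issuer
     * @param str3 the session index; no SessionIndex element is added when blank
     * @param nameID the NameID of the principal; skipped when {@code null}
     * @return the new logout request
     */
    public LogoutRequest newLogoutRequest(String str, ZonedDateTime zonedDateTime, String str2, Issuer issuer, String str3, NameID nameID) {
        LOGGER.trace("Creating new SAML LogoutRequest with id: [{}], for issuer: [{}], for destination: [{}], for NameID: [{}],issued at: [{}]", str, issuer, str2, nameID, zonedDateTime);
        LogoutRequest logoutRequest = newSamlObject(LogoutRequest.class);
        logoutRequest.setID(str);
        logoutRequest.setVersion(SAMLVersion.VERSION_20);
        logoutRequest.setIssueInstant(zonedDateTime.toInstant());
        logoutRequest.setIssuer(issuer);
        logoutRequest.setDestination(str2);
        if (StringUtils.isNotBlank(str3)) {
            SessionIndex sessionIndex = newSamlObject(SessionIndex.class);
            sessionIndex.setValue(str3);
            logoutRequest.getSessionIndexes().add(sessionIndex);
        }
        if (nameID != null) {
            logoutRequest.setNameID(nameID);
        }
        return logoutRequest;
    }

    /**
     * Builds an Issuer.
     *
     * @param str the issuer value
     * @return the new issuer
     */
    public Issuer newIssuer(String str) {
        Issuer issuer = newSamlObject(Issuer.class);
        issuer.setValue(str);
        return issuer;
    }

    /**
     * Adds attribute values using the SAML 2.0 {@code AttributeValue} element name.
     *
     * <p>Delegates to {@code addAttributeValuesToSamlAttribute}; the meaning of the arguments
     * is defined there, outside this class.
     *
     * @param str the attribute name
     * @param obj the attribute value or values
     * @param str2 passed through as the third argument (presumably the value type; confirm in the delegate)
     * @param list the target list that receives the built values
     */
    public void addAttributeValuesToSaml2Attribute(String str, Object obj, String str2, List<XMLObject> list) {
        addAttributeValuesToSamlAttribute(str, obj, str2, list, AttributeValue.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Builds an AuthnStatement with an authentication context class reference.
     *
     * @param str the authentication context class reference URI
     * @param zonedDateTime the authentication instant
     * @param str2 the session index
     * @return the new statement
     */
    public AuthnStatement newAuthnStatement(String str, ZonedDateTime zonedDateTime, String str2) {
        LOGGER.trace("Building authentication statement with context class ref [{}] @ [{}] with index [{}]", str, zonedDateTime, str2);
        AuthnContextClassRef classRef = newSamlObject(AuthnContextClassRef.class);
        classRef.setURI(str);
        AuthnContext context = newSamlObject(AuthnContext.class);
        context.setAuthnContextClassRef(classRef);
        AuthnStatement statement = newSamlObject(AuthnStatement.class);
        statement.setAuthnContext(context);
        statement.setAuthnInstant(zonedDateTime.toInstant());
        statement.setSessionIndex(str2);
        return statement;
    }

    /**
     * Builds Conditions with a validity window and one AudienceRestriction.
     *
     * <p>The AudienceRestriction is always added, even when {@code strArr} is empty, in which
     * case it has no Audience children. Callers should pass at least one audience so the
     * assertion is scoped to its intended relying party.
     *
     * @param zonedDateTime the NotBefore instant
     * @param zonedDateTime2 the NotOnOrAfter instant
     * @param strArr the audience URIs
     * @return the new conditions
     */
    public Conditions newConditions(ZonedDateTime zonedDateTime, ZonedDateTime zonedDateTime2, String... strArr) {
        LOGGER.debug("Building conditions for audience [{}] that enforce not-before [{}] and not-after [{}]", strArr, zonedDateTime, zonedDateTime2);
        Conditions conditions = newSamlObject(Conditions.class);
        conditions.setNotBefore(zonedDateTime.toInstant());
        conditions.setNotOnOrAfter(zonedDateTime2.toInstant());
        AudienceRestriction restriction = newSamlObject(AudienceRestriction.class);
        for (String audienceUri : strArr) {
            Audience audience = newSamlObject(Audience.class);
            audience.setURI(audienceUri);
            restriction.getAudiences().add(audience);
        }
        conditions.getAudienceRestrictions().add(restriction);
        return conditions;
    }

    /**
     * Builds a bearer SubjectConfirmation.
     *
     * <p>Recipient, InResponseTo, Address, NotOnOrAfter and NotBefore are each written only
     * when the matching argument is present; a missing value is skipped silently. A bearer
     * confirmation is only as constrained as the fields it carries, so callers should supply
     * at least the recipient and the NotOnOrAfter instant.
     *
     * <p>NOTE(review): the Web Browser SSO profile expects bearer confirmation data without
     * NotBefore. Confirm that SSO callers pass {@code null} for {@code zonedDateTime2}.
     *
     * @param str the recipient; skipped when blank
     * @param zonedDateTime the NotOnOrAfter instant; skipped when {@code null}
     * @param str2 the ID of the request being answered; skipped when blank
     * @param zonedDateTime2 the NotBefore instant; skipped when {@code null}
     * @param inetAddress the client address; skipped when {@code null}
     * @return the new subject confirmation
     */
    public SubjectConfirmation newSubjectConfirmation(String str, ZonedDateTime zonedDateTime, String str2, ZonedDateTime zonedDateTime2, InetAddress inetAddress) {
        LOGGER.debug("Building subject confirmation for recipient [{}], in response to [{}]", str, str2);
        SubjectConfirmation confirmation = newSamlObject(SubjectConfirmation.class);
        confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
        SubjectConfirmationData data = newSamlObject(SubjectConfirmationData.class);
        if (StringUtils.isNotBlank(str)) {
            data.setRecipient(str);
        }
        if (StringUtils.isNotBlank(str2)) {
            data.setInResponseTo(str2);
        }
        FunctionUtils.doIfNotNull(inetAddress, address -> {
            data.setAddress(address.getHostAddress());
        });
        FunctionUtils.doIfNotNull(zonedDateTime, notOnOrAfter -> {
            data.setNotOnOrAfter(notOnOrAfter.toInstant());
        });
        FunctionUtils.doIfNotNull(zonedDateTime2, notBefore -> {
            data.setNotBefore(notBefore.toInstant());
        });
        confirmation.setSubjectConfirmationData(data);
        return confirmation;
    }

    /**
     * Builds a Subject whose identifier is a plain NameID.
     *
     * @param str the NameID format
     * @param str2 the NameID value
     * @param subjectConfirmation the confirmation to attach
     * @return the new subject
     */
    public Subject newSubject(String str, String str2, SubjectConfirmation subjectConfirmation) {
        return newSubject(getNameID(str, str2), (SAMLObject) null, subjectConfirmation);
    }

    /**
     * Builds a Subject from a NameID or EncryptedID and attaches one confirmation.
     *
     * <p>Only {@code NameID} and {@code EncryptedID} instances are used. Any other value,
     * including {@code null}, is ignored, so a wrong type for {@code sAMLObject} yields a
     * Subject without an identifier. Setting one identifier form clears the other.
     *
     * @param sAMLObject the subject identifier (NameID or EncryptedID)
     * @param sAMLObject2 optional identifier for the confirmation (NameID or EncryptedID)
     * @param subjectConfirmation the confirmation to attach
     * @return the new subject
     */
    public Subject newSubject(SAMLObject sAMLObject, SAMLObject sAMLObject2, SubjectConfirmation subjectConfirmation) {
        LOGGER.debug("Building subject for NameID [{}]", sAMLObject);
        Subject subject = newSamlObject(Subject.class);
        subject.setNameID(null);
        subject.getSubjectConfirmations().forEach(existing -> existing.setNameID(null));
        if (sAMLObject instanceof NameID) {
            subject.setNameID((NameID) sAMLObject);
            subject.setEncryptedID(null);
        }
        if (sAMLObject instanceof EncryptedID) {
            subject.setNameID(null);
            subject.setEncryptedID((EncryptedID) sAMLObject);
        }
        if (sAMLObject2 instanceof NameID) {
            subjectConfirmation.setNameID((NameID) sAMLObject2);
            subjectConfirmation.setEncryptedID(null);
        }
        if (sAMLObject2 instanceof EncryptedID) {
            subjectConfirmation.setNameID(null);
            subjectConfirmation.setEncryptedID((EncryptedID) sAMLObject2);
        }
        subject.getSubjectConfirmations().add(subjectConfirmation);
        LOGGER.debug("Built subject [{}]", subject);
        return subject;
    }

    /**
     * Returns a new identifier from {@code RandomUtils.generateSecureRandomId()}.
     *
     * @return the generated ID
     */
    @Override // org.apereo.cas.support.saml.util.AbstractSamlObjectBuilder
    public String generateSecureRandomId() {
        return RandomUtils.generateSecureRandomId();
    }

    /**
     * Base64-decodes an encoded authentication request and returns its text.
     *
     * <p>The input comes from the requester and the returned text is unauthenticated. Whatever
     * parses it must not resolve external entities and must still verify the request.
     *
     * @param str the Base64-encoded request
     * @return the decoded request text, or {@code null} when the input is empty
     */
    public String decodeSamlAuthnRequest(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        return inflateAuthnRequest(EncodingUtils.decodeBase64(str));
    }

    /**
     * Creates an empty SAML object of the given type.
     *
     * @param cls the SAML object type
     * @param <T> the SAML object type
     * @return the new object
     */
    @SuppressWarnings("unchecked")
    protected <T extends SAMLObject> T newSamlObject(Class<T> cls) {
        return (T) SamlUtils.newSamlObject(cls, getSamlObjectQName(cls));
    }

    /**
     * Resolves the element QName for a SAML object type via {@code SamlUtils}.
     *
     * @param cls the SAML object type
     * @return the element QName
     */
    protected QName getSamlObjectQName(Class cls) {
        return SamlUtils.getSamlObjectQName(cls);
    }

    /**
     * Builds an Attribute with its values and name format.
     *
     * <p>The name format comes from {@code map} when it has an entry for the attribute name,
     * otherwise from {@code str3}.
     *
     * @param str the friendly name; the attribute name is used when this is blank
     * @param str2 the attribute name
     * @param obj the attribute value or values
     * @param map name formats keyed by attribute name
     * @param str3 the default name format
     * @param map2 keyed by attribute name; the entry is handed to the value builder
     *             (presumably the value type; confirm against the caller)
     * @return the new attribute
     */
    protected Attribute newAttribute(String str, String str2, Object obj, Map<String, String> map, String str3, Map<String, String> map2) {
        Attribute attribute = newSamlObject(Attribute.class);
        attribute.setName(str2);
        attribute.setFriendlyName(StringUtils.isNotBlank(str) ? str : str2);
        addAttributeValuesToSaml2Attribute(str2, obj, map2.get(str2), attribute.getAttributeValues());
        if (map.isEmpty() || !map.containsKey(attribute.getName())) {
            LOGGER.debug("Skipped name format, as no name formats are defined or none is found for attribute [{}]", attribute.getName());
            configureAttributeNameFormat(attribute, str3);
        } else {
            String configuredFormat = map.get(attribute.getName());
            LOGGER.debug("Found name format [{}] for attribute [{}]", configuredFormat, attribute.getName());
            configureAttributeNameFormat(attribute, configuredFormat);
            LOGGER.debug("Attribute [{}] is assigned the name format of [{}]", attribute.getName(), attribute.getNameFormat());
        }
        LOGGER.debug("Attribute [{}] has [{}] value(s)", attribute.getName(), attribute.getAttributeValues().size());
        return attribute;
    }

    /**
     * Inflates a decoded request, falling back to a plain byte-to-string decode when
     * inflation yields nothing.
     *
     * <p>NOTE(review): the limit on inflated size depends on {@code CompressionUtils.inflate},
     * which is not visible here. Confirm it is bounded, since the bytes are requester-supplied.
     *
     * @param bArr the Base64-decoded request bytes
     * @return the request text
     */
    protected String inflateAuthnRequest(byte[] bArr) {
        String inflated = CompressionUtils.inflate(bArr);
        if (StringUtils.isEmpty(inflated)) {
            return CompressionUtils.decodeByteArrayToString(bArr);
        }
        return inflated;
    }

    /**
     * Decides which InResponseTo value to use for a request.
     *
     * <p>Returns the request ID unless skipping is requested, the ID is blank, or the request
     * extensions contain a {@code RequesterID} whose URI equals {@code str} ignoring case.
     *
     * <p>The decompiled original referenced an undefined variable in its stream lambdas;
     * this version uses {@code RequesterID.class} directly, which is what the surrounding
     * code shows was intended.
     *
     * @param requestAbstractType the incoming request
     * @param str the entity ID compared against RequesterID URIs
     * @param z when {@code true}, InResponseTo is always skipped
     * @return the request ID, or {@code null} when InResponseTo should be omitted
     */
    protected String getInResponseTo(RequestAbstractType requestAbstractType, String str, boolean z) {
        if (z || StringUtils.isBlank(requestAbstractType.getID())) {
            return null;
        }
        if (requestAbstractType.getExtensions() != null) {
            List<XMLObject> extensionObjects = Optional.ofNullable(requestAbstractType.getExtensions())
                .map(extensions -> extensions.getUnknownXMLObjects())
                .orElseGet(List::of);
            boolean requesterMatchesEntity = extensionObjects.stream()
                .filter(RequesterID.class::isInstance)
                .map(RequesterID.class::cast)
                .anyMatch(requesterID -> str.equalsIgnoreCase(requesterID.getURI()));
            if (requesterMatchesEntity) {
                return null;
            }
        }
        return requestAbstractType.getID();
    }
}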
